Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)
Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.

Strategies for secure identity management in hybrid environments
In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments.

Leveraging AI for enhanced compliance and governance
In this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems.

Strategies to cultivate collaboration between NetOps and SecOps
In this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps. Practical steps include scheduling strategy meetings, understanding communication preferences, and fostering team collaboration.

Cybersecurity jobs available right now: April 10, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)
EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI.

Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited but which Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being leveraged by attackers in the wild.

Graylog: Open-source log management
Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions.

WiCyS: A champion for a more diverse cybersecurity workforce
In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different stages of their cybersecurity journey.

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime
In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations.

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)
A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found.

XZ Utils backdoor: Detection tools, scripts, rules
As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems.

New Latrodectus loader steps in for Qbot
New (down)loader malware called Latrodectus is being leveraged by initial access brokers, and it looks like it might have been written by the same developers who created the IcedID loader.

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them
Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced.

LG smart TVs may be taken over by remote attackers
Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices.

IT pros targeted with malicious Google ads for PuTTY, FileZilla
An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application).

New covert SharePoint data exfiltration techniques revealed
Varonis Threat Labs researchers have uncovered two techniques attackers can use for covert data and file exfiltration from companies’ SharePoint servers.

Ransomware group maturity should influence ransom payment decision
Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers’ servers, and/or not leaked online.

CISA warns about Sisense data breach
Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services.”

How can the energy sector bolster its resilience to ransomware attacks?
Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals.

How malicious email campaigns continue to slip through the cracks
In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business.

April 2024 Patch Tuesday forecast: New and old from Microsoft
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed.

Defining a holistic GRC strategy
In this Help Net Security video, Nicholas Kathmann, CISO at LogicGate, discusses why companies are turning to a holistic GRC strategy.

How exposure management elevates cyber resilience
Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate.

AI risks under the auditor’s lens more than ever
In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses how AI-related risks have seen the biggest increases in audit plan coverage in 2024.

Why are many businesses turning to third-party security partners?
In 2023, 71% of organizations across various industries reported that their business feels the impact of the ongoing cybersecurity skills shortage.

Stopping security breaches by managing AppSec posture
In this Help Net Security video, Gopi Rebala, CTO at OpsMx, talks about how managing application security posture can help companies identify, prioritize, and fix vulnerabilities and stop security breaches while enforcing policies to block vulnerable deployments to production environments.

How Google’s 90-day TLS certificate validity proposal will affect enterprises
Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys.

The next wave of mobile threats
In this Help Net Security video, Michael Covington, VP of Portfolio Strategy at Jamf, discusses planning a mobile security strategy.

New infosec products of the week: April 12, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Akamai, Bitdefender, Siemens, Veriato, and Index Engines.
